[jira] [Commented] (SOLR-7826) Permission issues when creating cores with bin/solr as root user

Tue, 04 Oct 2016 09:53:37 -0700 

    [ 
https://issues.apache.org/jira/browse/SOLR-7826?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15545946#comment-15545946
 ] 

Hoss Man commented on SOLR-7826:
--------------------------------

1. I love your new AssertTool code
2. ...

bq. But then should it not be allowed to create SOLR_HOME by hand as another 
user, and then make sure that the solr user has full access through its group 
memberships? Or equivalent ACL rights for Windows? Seems potentially more 
trappy than the root check...

That's a good point ... I feel like enforcing that the same user be used every 
where is the lesser of the evils -- but only if we had been doing that since 
day #1 in {{bin/solr}}.  If we start enforcing that now that might screw people 
with existing installs like you describe.

I honestly don't know how i feel about this issue anymore.

Maybe we should just stick with "only root is special / prohibited" behavior 
for now (either using the code you already committed, or your new AssertTool 
code) and consider more restrictive "use the same user everywhere, but 
{{-force}} will " let you use any user" type logic in 7.0?

> Permission issues when creating cores with bin/solr as root user
> ----------------------------------------------------------------
>
>                 Key: SOLR-7826
>                 URL: https://issues.apache.org/jira/browse/SOLR-7826
>             Project: Solr
>          Issue Type: Improvement
>            Reporter: Shawn Heisey
>            Assignee: Jan Høydahl
>            Priority: Minor
>              Labels: newdev
>             Fix For: 6.3, master (7.0)
>
>         Attachments: SOLR-7826.patch, SOLR-7826.patch, 
> SOLR-7826_sameuser.patch
>
>
> Ran into an interesting situation on IRC today.
> Solr has been installed as a service using the shell script 
> install_solr_service.sh ... so it is running as an unprivileged user.
> User is running "bin/solr create" as root.  This causes permission problems, 
> because the script creates the core's instanceDir with root ownership, then 
> when Solr is instructed to actually create the core, it cannot create the 
> dataDir.
> Enhancement idea:  When the install script is used, leave breadcrumbs 
> somewhere so that the "create core" section of the main script can find it 
> and su to the user specified during install.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to